RHEL 2.1 : fam (RHSA-2005:005)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated fam packages that fix an information disclosure bug are now
available.

FAM, the File Alteration Monitor, provides a daemon and an API which
applications can use for notification of changes in specific files or
directories.

A bug has been found in the way FAM handles group permissions. It is
possible that a local unprivileged user can use a flaw in FAM's group
handling to discover the names of files which are only viewable to
users in the 'root' group. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2002-0875 to this
issue. This issue only affects the version of FAM shipped with Red Hat
Enterprise Linux 2.1.

Users of FAM should update to these updated packages which contain
backported patches and are not vulnerable to this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-0875.html
http://rhn.redhat.com/errata/RHSA-2005-005.html

Solution :

Update the affected fam and / or fam-devel packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 16108 ()

Bugtraq ID:

CVE ID: CVE-2002-0875